I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

Please check the box if you want to proceed.

I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.

Please check the box if you want to proceed.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

many had experienced a ransomware attack at their organization?

Dozens of hands went up.

Ransomware attacks continue to make news. In just the last couple of months, high-profile victims included the city of Atlanta and a school district in Massachusetts. Many attacks, though, go unreported or unmentioned to the general public.

A layered defense is important to be able to protect and recover from ransomware, Rick Vanover, Veeam's director of product strategy, told the packed room of close to 200 people.

Backup, DR, education all play a role

Using offline storage to create an air gap is arguably the most technically efficient method of protection against ransomware. Tape is a good fit for air gapping, because you can take it off site, where it is not connected to the network or any other devices.

"The one reason I love tape is its resiliency in this situation," Vanover said.

Educating users is another major component of a comprehensive strategy for protection from ransomware.

"No matter how often you do it, you can't do it enough," said Joe Marton, senior systems engineer at Veeam.

Advice for users includes being overly careful about clicking links and attachments and telling IT immediately if there appears to be an issue.

IT should have visibility into suspicious behavior using monitoring capabilities. For example, Veeam ONE includes a predefined alarm that triggers if it detects possible ransomware activity.

Organizations as a whole should continue to follow the standard "3-2-1" backup plan of having three different copies of data on two different media types, one of which is off site or offline.

From a disaster recovery angle, DR isn't just for natural disasters.

"Ransomware can be a disaster," Marton said.

That means an organization's DR process applies to ransomware attacks.

The organization should also document its recovery plan, specifically one for ransomware incidents.

Matt Fonner, a severity one engineer of the Veeam support team, said every week he deals with two or three restores from a ransomware attack.

Ransomware, protection continue to evolve

The ransomware story does change every time you write it.
Rick Vanoverdirector of product strategy, Veeam

Vanover said later that he spent about 25 minutes following the presentation talking with people about attacks and protection from ransomware. One person told him that her SMB had been hit and decided to pay the ransom, rather than deal with an inferior restore program -- that wasn't Veeam.

Vanover said organizations should classify data to figure out which level of resiliency is needed. Not everything needs to be in that most expensive tier.

Vanover said the ransomware landscape has changed from a year ago, when he also gave a presentation on ransomware protection at VeeamON.

"The ransomware story does change every time you write it," he said.

One new twist in the storage is ransomware is attacking backups themselves. In a common scenario, ransomware will infiltrate a backup and stay dormant until the data is recovered back to the network following an attack on primary storage.

That's where offline storage comes in, Vanover said.

Data protection vendors are also starting to add specific features to protect backups from ransomware. For example, Asigra Cloud Backup has embedded malware engines in the backup and recovery stream. Acronis Active Protection detects suspicious changes to data, backup files and the backup application. CloudBerry Backup detects possible cases of ransomware in backups.

Vanover said if he drew up another presentation in a month or two, it would probably be different.

Join the conversation

1 comment

Register

I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

Please check the box if you want to proceed.

I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.